6

Related subject: blocking facebook.com outside facebook.com domain

This is from default.filter

#################################################################################
#
# shockwave-flash: Kill embedded Shockwave Flash objects.
#                  Note: Better just block "/.*\.swf$"!
#
#################################################################################
FILTER: shockwave-flash Kill embedded Shockwave Flash objects.

s|<object [^>]*macromedia.*</object>|<!-- Squished Shockwave Object -->|sigU
s|<embed [^>]*(application/x-shockwave-flash\|\.swf).*>(.*</embed>)?|<!-- Squished Shockwave Flash Embed -->|sigU

This is how you implement it in the .action file

#############################################################################
# Kill embedded Shockwave SWF objects
#############################################################################
{+filter{shockwave-flash}}
.funny-games.biz/

Works fine, but...

I am failing to achieve my wanted result

.filter:

#################################################################################
#
# trace-widget: Get rid of particularly annoying so-called sharing buttons.
#
#################################################################################
FILTER: trace-widget Kill embedded spying buttons.

s|<script [^>]*.twitter.*</script>|<!-- Squished Twitter Object -->|sigU

.action:

#----------------------------------------------------------------------------
# Deny access for Facebook Google and Twitter scripts
#----------------------------------------------------------------------------
{+filter{trace-widget}}
/

What is wrong with it?

I am puzzled on how it can be applied for frames and scripts like:

Twitter:

<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>

Google: g+ analytics etc.

<g:plusone annotation="inline"></g:plusone>

<script type="text/javascript">
  (function() {
    var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true;
    po.src = 'https://apis.google.com/js/plusone.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);
  })();
</script>

Facebook:

<script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>

<a name="fb_share" type="button_count" share_url="..." href="http://www.facebook.com/sharer.php">Share</a>

<iframe frameborder='0' id='facebook_like' scrolling='no' src='https://www.facebook.com/plugins/like.php?href=...'></iframe>

Your help is deeply appreciated.

Update (working filter rules)

Facebook:

s|<a [^>]*(sharer.php).*>(.*</a>)|<!-- Squished Facebook Object -->|sigU
s|<iframe [^>]*(like.php).*>(.*</iframe>)|<!-- Squished Facebook Frame -->|sigU

(this would be better if a facebook.com and fbcdn.net domains be added to these rules so that it won't block any other PHP or JS or other contents of the current website)

Google: (not always working - cutroni.com)

s|<script [^>]*(plusone.js).*>(.*</script>)|<!-- Squished Google Button -->|sigU

Twitter: (work with fenopy.eu but not with The Pirate Bay HTTPS pages https://thepiratebay.org/) (not always working - cutroni.com)

s|<script [^>]*(widgets.js).*>(.*</script>)|<!-- Squished Twitter Object -->|sigU

Your help, for a better code, is deeply appreciated.

Edit: Not f'd — you won't find me on Facebook fsf.org/fb (Just for fun xD)

s|<a [^>]*(sharer.php).*>(.*</a>)|<a href="http://www.fsf.org/fb"><img src="http://img804.imageshack.us/img804/7822/dislike50.png" alt="Not f'd" /></a>|sigU
Community
  • 1
jojo
  • 119
  • 2
  • 6

2 Answers2

1

Don't be too sure if something is not working. Remember that you can't filter that is passed through a HTTPS connection.

HTTPS means that the connection is secured, so privoxy only sees encrypted data pass and lets it pass unfiltered.

@rozcietrzewiacz: Yeah, may be that might be constraining, but that's your opinion. I find it much more concerning that certain sites, especially facebook is stuffing sites with garbage with the sole purpose of following users anywhere and intruding their privacy.

ike
  • 11
  • 1
  • I was hoping not to receive this sort of an answer, but I feared that this is the case. So this means that I shall keep the rules of the .action file: line1: {+block{DNT - Do Not Track}} line2: .facebook.com/ line3: .google. line4: .myspace.com/ line5: .twitter.com/ – jojo Feb 01 '12 at 01:40
  • Is there any way to intermediate between Privoxy and a web browser? (such as Arora, Epiphany, Konqueror, Midori, Opera, Rekonq ...yep, everything but the lizard) – jojo Feb 01 '12 at 01:52
1

I'm not sure I do understand what you're up to. All those things you mention are other webbrowsers. Why would you have another browser as intermediate between Privoxy and Firefox?

You can indeed intermediate between Privoxy and Firefox. Let's say you can easily make this construction:

Firefox -> Squid -> Privoxy

and then you've another level of filtering.

But still that doesn't change the fact that you cannot filter https connections.

Well, actually there seems to be some sort of method involving setting up Squid as an intermediate which accepts the secured connection and presenting its own certificate to the browser thereby fooling the browser that it is presented the original secured connection. But this involves complicated actions like setting up your own certificate authority (CA) and generating a certificate for Squid and then still the browser will know that the certificate is not from a trusted authority and complain about that. Moreover this type of eavesdropping can be illegal in certain countries if you use it for purposes other than your own private activities.

I did not test this so I cannot tell you how it works and if it works. On the end of the day it is just easier to block the domain that uses the secured connection completely.

Ike
  • 11
  • 1